CVE-2025-12799
Awaiting Analysis Awaiting Analysis - Queue

Cross-Site Scripting (XSS) in Jastow

Vulnerability report for CVE-2025-12799, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-08

Assigner: Red Hat, Inc.

Description

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
red_hat jastow to 8.1 (inc)
red_hat jboss_enterprise_application_platform 8.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-12799 is a Cross-Site Scripting (XSS) vulnerability found in Jastow, a component used with Undertow in Red Hat JBoss Enterprise Application Platform.

The vulnerability occurs when certain combined configurations allow unescaped characters in URLs, which leads to improper input handling.

This improper handling can enable attackers to inject malicious scripts into web pages viewed by other users.

Impact Analysis

This vulnerability can allow attackers to perform Cross-Site Scripting (XSS) attacks, which may lead to the execution of malicious scripts in the context of a user's browser.

  • Stealing sensitive information such as session tokens or cookies.
  • Performing actions on behalf of the user without their consent.
  • Potentially compromising user accounts or the integrity of the affected web application.
Mitigation Strategies

To mitigate the CVE-2025-12799 vulnerability, you should apply the security updates provided by Red Hat for the JBoss Enterprise Application Platform.

  • Install the security advisories RHSA-2026:36342, RHSA-2026:36343, RHSA-2026:36344, and RHSA-2026:36345 corresponding to your RHEL version.
  • Ensure that your configuration does not allow unescaped characters in URLs when using Undertow and Jastow.

These steps address the improper input handling that leads to the Cross-Site Scripting vulnerability.

Compliance Impact

The provided information does not specify how the CVE-2025-12799 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12799. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart